From: Kevin Z. <kev...@gm...> - 2016-07-28 20:31:37

On 07/28/2016 13:21, Georg Lehner wrote:
> If I had a wish, I would like to be able to specify the coefficient for
> the (exponential?) back-off time. Currently it seems to be set fixed to
> 1.5 (man page, -p option).

I can do that.

> Another idea: sshg-parse could be used for creating time series of the
> attacks, which can then be analyzed by statistical tools. Eventually we
> end up with an adaptive Kalman Filter or so ...

The intent of splitting up the parser into a separate binary was to make it possible to plug it into other tools :)

I actually have some data I collected. It's a bit limited in usefulness because SSHGuard blocks the attacker after 3 attempts. I've attached it here in case anyone wants to play with the data.

Briefly, each line represents the attacks from an attacker. Each entry is the time of an attack (Unix time). -1 represents a block by SSHGuard.

I've also included a script that breaks this data up into groups of 3 attacks that you can import into IPython.

Have fun,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090
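An added example, not part of the message above or of the script attached to it: a parser for the data layout the message describes, which splits each attacker's line at the -1 block markers and measures both the gaps between attempts and how long an attacker stayed away after a block. It assumes entries are whitespace-separated (the message does not say what separates them); the function names and the sample lines are constructed for illustration.

```python
# Added example: per-attacker attack timelines in the layout the message describes.
# Assumption: entries are whitespace-separated; -1 marks a block by SSHGuard.
from statistics import median

BLOCK = -1

# Constructed sample data, not the attachment from the message.
SAMPLE = """\
1469700000 1469700004 1469700009 -1 1469700500 1469700503 1469700507 -1
1469701000 1469701002
1469702000 1469702001 1469702003 -1 1469703900
"""

def parse_line(line):
    """Split one attacker's line into bursts of attack times, each ended by a block."""
    bursts, current = [], []
    for tok in line.split():
        value = int(tok)
        if value == BLOCK:
            bursts.append({"times": current, "blocked": True})
            current = []
        else:
            current.append(value)
    if current:  # trailing attempts that never reached a block
        bursts.append({"times": current, "blocked": False})
    return bursts

def gaps_within(bursts):
    """Seconds between consecutive attempts inside each burst."""
    return [b - a for burst in bursts
            for a, b in zip(burst["times"], burst["times"][1:])]

def return_delays(bursts):
    """Seconds from the last attempt before a block to the first attempt after it."""
    return [nxt["times"][0] - prev["times"][-1]
            for prev, nxt in zip(bursts, bursts[1:])
            if prev["blocked"] and prev["times"] and nxt["times"]]

def summarize(text):
    """Per-attacker summary: block count, median attempt gap, return delays."""
    rows = []
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        bursts = parse_line(line)
        gaps = gaps_within(bursts)
        rows.append({"blocks": sum(b["blocked"] for b in bursts),
                     "median_gap": median(gaps) if gaps else None,
                     "return_delays": return_delays(bursts)})
    return rows
```

The return delays are the part that relates to the back-off discussion: they show how soon an attacker tried again after each block.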